1 ### -*-sh-*-
2
runas_ca () {
## runas_ca ARGS...
##
## Re-exec the calling script through sudo as the `ca' user unless we
## already are that user.  ASN.1 parsers (OpenSSL's in particular) should
## not be fed untrusted input as root.  Uses "$0" for the script and the
## function's own "$@" for its arguments, so call it as: runas_ca "$@"

  if [ "$(id -un)" != ca ]; then
    exec sudo -u ca "$0" "$@"
  fi
}
14
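linkserial () {
## linkserial CERT [SUFFIX]
##
## Make a link for the certificate according to its serial number, as
## index/byserial$SUFFIX/$SERIAL.pem.  On a duplicate serial, or if the
## certificate cannot be parsed, print a diagnostic, set the global
## `badness' to 1 and leave the index untouched.

  cert=$1 suffix=$2

  ## Check the parser's exit status: a failed openssl run would leave
  ## $serial empty and the link would silently be made as `.pem'.
  if ! serial=$(openssl x509 -serial -noout -in "$cert"); then
    echo "Cannot read serial number from ${cert##*/}"
    badness=1
    return
  fi
  serial=${serial##*=}

  ## The serial becomes a file name component, so accept only the hex
  ## form openssl prints (a leading `-' is tolerated for negative serials).
  case $serial in
    "" | *[!0-9A-Fa-f-]*)
      echo "Bad serial number '$serial' in ${cert##*/}"
      badness=1
      return
      ;;
  esac

  t=index/byserial$suffix/$serial.pem
  if [ -L "$t" ]; then
    other=$(readlink "$t")
    echo "Duplicate serial numbers: ${other##*/}, ${cert##*/}"
    badness=1
    return
  fi
  lns "$cert" "$t"
}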
32
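linkhash () {
## linkhash CERT [SUFFIX]
##
## Make links for the certificate according to its subject hash, as
## index/byhash$SUFFIX/$HASH.$N for both the current and the old OpenSSL
## hash algorithms, where N is the first free slot.  A certificate that is
## already linked under its own name is left alone.  A different
## certificate with the same fingerprint, or a certificate that cannot be
## parsed, prints a diagnostic and sets the global `badness' to 1.

  cert=$1 suffix=$2

  ## Check the parser's exit status rather than trusting its output.
  if ! fpr=$(openssl x509 -fingerprint -noout -in "$cert"); then
    echo "Cannot read fingerprint of ${cert##*/}"
    badness=1
    return
  fi

  for opt in subject_hash subject_hash_old; do
    if ! hash=$(openssl x509 -"$opt" -noout -in "$cert"); then
      echo "Cannot compute $opt of ${cert##*/}"
      badness=1
      return
    fi
    ## The hash becomes a file name component; openssl prints it as hex.
    case $hash in
      "" | *[!0-9A-Fa-f]*)
        echo "Bad $opt '$hash' for ${cert##*/}"
        badness=1
        return
        ;;
    esac

    n=0
    while t=index/byhash$suffix/$hash.$n; [ -L "$t" ]; do
      other=$(readlink "$t")
      ## Already linked under this hash: nothing more to do for this $opt.
      ## A plain `continue' would re-test the same slot forever, since
      ## $n is not advanced.
      case "${cert##*/}" in
        "${other##*/}") continue 2 ;;
      esac
      ofpr=$(openssl x509 -fingerprint -noout -in "$t")
      case "$ofpr" in
        "$fpr")
          echo "Duplicate certificates: ${other##*/}, ${cert##*/}"
          badness=1
          return
          ;;
      esac
      n=$((n + 1))
    done
    lns "$cert" "$t"
  done
}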